author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-07-01 23:04:56 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-07-11 15:23:29 +0300 |
commit | bfe7abd13fc07149386421e2f327780f4699936b (patch) | |
tree | 0d1bbeb43f25c6057844ded8d77ab4aad6f67b9e | |
parent | e42f090e4125e329205afd7fcbfa01bd511699c8 (diff) | |
dmvpn-ca: password change functionv0.2.0
-rwxr-xr-x | dmvpn-ca | 36 | ||||
-rw-r--r-- | syntax.txt | 2 |
2 files changed, 31 insertions, 7 deletions
@@ -210,9 +210,11 @@ function detect_prefix_afi(s)
 end
-function get_password(new)
- if not password then password = dmvpn.get_password(new) end
- return password
+passwords = {}
+function get_password(new, id)
+ if not id then id = 'default' end
+ if not passwords[id] then passwords[id] = dmvpn.get_password(new) end
+ return passwords[id]
 end
 function decrypt_key(key)
@@ -230,6 +232,13 @@ function load_ca()
 return ca_cert, ca_key
 end
+function encrypt_key(key, new_pw, pw_id)
+ return key:getPrivateKey(
+ config.db['encrypt-keys'] or nil,
+ function() return get_password(new_pw, pw_id) end
+ )
+end
+
 function sign(object, hash_alg, cert, key)
 if not cert then cert, key = load_ca() end
 object:setIssuer(cert:getSubject())
@@ -273,10 +282,7 @@ function issue_cert(attrs, func)
 attrs.issued = issued
 attrs.expires = expires
- attrs.privateKey = key:getPrivateKey(
- config.db['encrypt-keys'] or nil,
- function() return get_password(ca) end
- )
+ attrs.privateKey = encrypt_key(key, ca)
 cert:addExtension(
 x509ext.new(
@@ -1282,6 +1288,22 @@ output = scan_choice(
 scan_finished()
 io.write(tostring(generate_crl()))
 end
+ },
+ password={
+ set=function()
+ for row in select_many(
+ 'serial, privateKey',
+ 'certificate',
+ nil,
+ 'n'
+ ) do
+ update(
+ 'certificate',
+ {privateKey=encrypt_key(decrypt_key(row[2]), true, 'new')},
+ {serial=row[1]}
+ )
+ end
+ end
 }
 },
 'object type'
@@ -31,3 +31,5 @@ dmvpn-ca cert {list|show|revoke} [serial <num>|hubs|hub <id>|site <abbr> [vpnc <
 dmvpn-ca cert export serial <num>
 dmvpn-ca crl {show|export}
+
+dmvpn-ca password set |
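Review bot: `passwords` is created as a global, and the cache in `get_password` is keyed on `id` alone, so once an entry exists for an id the `new` argument is ignored for it. Declaring the table as `local passwords = {}` would keep the cached passphrases out of the global environment, assuming nothing outside this file reads it. A comment such as `-- one cached passphrase per id: 'default' is the current one, other ids hold a replacement` would explain why the id exists. The passphrases stay in the table for the life of the process, which looks acceptable for a short-lived CLI run but is worth stating.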
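Review bot: `encrypt_key` has no comment, and what it does when `config.db['encrypt-keys']` is unset is not obvious at its call sites: the cipher argument is then nil, which presumably makes `getPrivateKey` return the key unencrypted without ever invoking the password callback. A header comment along the lines of `-- serialize key; when 'encrypt-keys' names a cipher, encrypt under the password cached as pw_id (prompted as a new password if new_pw)` would make that explicit. The `or nil` is redundant unless the setting can be `false`.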
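Review bot: The `password set` loop rewrites `privateKey` one row at a time with no transaction visible in the hunk, so a failure part-way through (a wrong current password in `decrypt_key`, an aborted prompt) could leave the table holding keys under two different passwords. Unless `update` or the enclosing handler already runs inside a transaction, I would re-encrypt every row in memory first and only then write the results back, ideally in one transaction. That also avoids updating `certificate` while the `select_many` iterator over the same table is still open. Separately, when `encrypt-keys` is unset this command would presumably rewrite every key in the clear, so failing early in that case seems safer than proceeding silently.

```lua
set=function()
	-- re-encrypt in memory first, so a wrong password or an aborted
	-- prompt fails before any row has been modified
	local rekeyed = {}
	for row in select_many('serial, privateKey', 'certificate', nil, 'n') do
		rekeyed[#rekeyed + 1] = {
			serial=row[1],
			privateKey=encrypt_key(decrypt_key(row[2]), true, 'new')
		}
	end
	-- NOTE(review): run this loop inside the database layer's transaction, if it offers one
	for _, r in ipairs(rekeyed) do
		update('certificate', {privateKey=r.privateKey}, {serial=r.serial})
	end
end
```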